GOBUSTER
root@oco:~$ find / -iname 'directory-list*' -type f 2>/dev/null
/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt
RECURSIVE PAGE FUZZING
root@oco:~$ cp /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt .
# modify the wordlist and add the reverse shell file name
root@oco:~$ echo "php-reverse-shell" >> directory-list-2.3-small.txt
root@oco:~$ tail -n 1 directory-list-2.3-small.txt
php-reverse-shell
* note: the server might change the filename when the file is uploaded, as a security measure
root@oco:~$ gobuster dir --url http://{targetIP}/ --wordlist directory-list-2.3-small.txt -x php -r -t 50
/.php (Status: 403) [Size: 277]
/themes (Status: 403) [Size: 277]
/uploads (Status: 403) [Size: 277]
/css (Status: 403) [Size: 277]
/index.php (Status: 200) [Size: 10932]
/images (Status: 403) [Size: 277]
/js (Status: 403) [Size: 277]
/fonts (Status: 403) [Size: 277]
* the "dir" option selects directory enumeration mode
* the --url specifies the target IP/URL
* the --wordlist specifies the wordlist to use
* the -x appends file extensions to each word in the wordlist
* multiple extensions can be specified by separating them with commas
- php,html,txt
* the -r refers to "recursive fuzzing" (if a directory is found, it continues brute-forcing inside it)
* the -t will use multithreading to make the scan faster (default is 0)
- this could trigger rate-limiting or bans
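The rate-limiting caveat above, seen from the server side: an added example (not part of the original notes) that flags clients producing bursts of distinct 403/404 paths in an access log. The combined log format, the threshold and window values, and the sample log lines are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
MISS = {"403", "404"}  # responses a wordlist scan mostly produces


def find_enumeration(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {ip: peak} for clients whose number of distinct 403/404 paths
    inside any sliding `window` reaches `threshold` (assumed values)."""
    recent = defaultdict(deque)  # ip -> deque of (time, path) misses
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in MISS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # drop misses older than the window
            q.popleft()
        distinct = len({path for _, path in q})
        if distinct >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), distinct)
    return peaks


def sample_log():
    """Constructed log lines: one client guessing paths, one browsing."""
    line = ('{ip} - - [10/Mar/2024:12:00:{s:02d} +0000] '
            '"GET {p} HTTP/1.1" {st} 277 "-" "{ua}"')
    scan = [line.format(ip="203.0.113.7", s=i // 10, p=f"/word{i}.php",
                        st=404, ua="gobuster/3.6") for i in range(40)]
    browse = [line.format(ip="198.51.100.4", s=s, p=p, st=st, ua="Mozilla/5.0")
              for s, p, st in [(1, "/index.php", 200),
                               (2, "/favicon.ico", 404),
                               (5, "/css/site.css", 200)]]
    return scan + browse


if __name__ == "__main__":
    print(find_enumeration(sample_log()))
```

Counting distinct paths rather than raw requests keeps a browser that retries one missing asset from being flagged.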